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SCOPE OF WORK {27 OcT 2008} 


Non-Disclosure/Non Re-Use Requirements 


The information contained in this document contains information 
considered to be the intellectual property of the author and as such must: 


be safeguarded by the recipient, 


not be communicated to a third party, 


not be used for any other purpose than which it was supplied to the 
recipient for, or 


not be reproduced in any way, 


without the express written consent of the author. 
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SCOPE OF WORK {27 OcT 2008} 


Client: JV as agreed Dave Kleiman / Craig Wright 
Task: Network P2P Software derivative system 


Start Date: 2009 
Completion Date: 
Project No.: 00-01 





OVERVIEW 


EXECUTIVE SUMMARY 


This project involves the creation of a SCADA targeted filter. This filter will act as a 
security gateway allowing users to access legacy systems that do not support modern 
encrypted protocols to do so whist not having to interfere with the existing system. At the 
same time, advanced threats and Malware will be isolated from the systems using a 
bridged firewall layer. This system will in itself be isolated and resilient and be capable of 
reliable action when power and other failures occur. It will collate and report attacks 
seamlessly allowing Internet connected management and monitoring systems to co-exist 
on treacherous networks in a cloud environment. 


The TripleS / Spyder device is an embedded Linux-based appliance with an RFC 
compliant IPSec and Stateful firewall implementation built into the kernel. It is built 
using embedded Linux and is completely solid state with no moving parts to fail and no 
hard drive. It also utilises kernel-based IPSec. Designed as an appliance, this system is 
modular and highly configurable, requiring a small physical, CPU and memory footprint. 


The TripleS / Spyder appliance platform provides a base set of services and functions as 
an operating environment for many security conscious network based applications. The 
Appliance provides built-in IPSec encryption, SSHv2 Secure Remote Management, text 
based management and power-off safe operation. 


This project will provide a low cost, high availability and security SCADA security 
solution through: 


° System inventory management 

° Firewall 

° Anti-virus / anti-malware 

° Forensic network capture 

° IP property protection and extrusion reporting 

° Risk quantification 

° Advanced traffic filtering and data capture 

° The idea to be patented — advanced IDS / honeypot 
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SCOPE OF WORK {27 OcT 2008} 


Basic Management and upkeep of TripleS / Spyder 


System Life-Cycle comprises: 
¢ Security Patch updates 
¢ System and Application updates 
« System health-check and maintenance 
* System Security Integrity maintenance 


TripleS / Spyder embodies an imbedded, appliance architecture with a strong bias 
towards encryption, out-of-band authentication and other network applications. 


Two primary products have been designed at this point, with expansion into additional 
modules planned for the future. 
* TripleS / Spyder Encrypted Private Network Gateway 
¢ The TripleS / Spyder EPN Gateway provides a platform for performing IPSec 
encryption in several configurations: 
1) Network-to-Network 
2) Host-to-Network 
3) Host-to-Host 
4) TripleS / Spyder IDS 
¢ The TripleS / Spyder application is also capable of providing a platform for an 
IDS sensor. 


The TripleS / Spyder appliance platform provides a base set of services and functions as 
an operating environment for many security conscious network based applications. The 
Appliance provides built-in IPSec encryption, SSHv2 Secure Remote Management, Text 
based management and power-off safe operation 


The TripleS / Spyder appliance has been built with size, performance and security as 
primary goals, and as a result of this, the system does not run any network accessible 
processes except those required by specifically installed modules. 


The TripleS / Spyder platform offers no intrinsic network access paths, and is not 
accessible on the network unless one of the network modules has been installed. The 
TripleS / Spyder system does not load any network accessible functionality except as 
required by the appliance modules loaded in any specific configuration. 


The TripleS / Spyder Measurement appliance is an “Out-of-Band” strong authentication 
and connection gateway system. Measurement is an access concentrator, which performs 
strong authentication of user requests. In a security conscious environment, the 
Measurement allows an organization to effectively provide wide-ranging access to 
systems or services through a single, secure access path. 
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The TripleS / Spyder appliance is a perfect platform for Measurement services due to the 
security functions and services built into the base system. 
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SCOPE OF WORK {27 OcT 2008} 


1.1 Related Work and our contributions 

This project involves the creation of a SCADA targeted filter. This filter will act as a 
security gateway allowing users to access legacy systems that do not support modern 
encrypted protocols to do so whist not having to interfere with the existing system. At the 
same time, advanced threats and Malware will be isolated from the systems using a 
bridged firewall layer. This system will in itself be isolated and resilient and be capable of 
reliable action when power and other failures occur. It will collate and report attacks 
seamlessly allowing Internet connected management and monitoring systems to co-exist 
on treacherous networks in a cloud environment. 


Technical Approach 


A PCap module written in R and C that can take direct network feeds (TCP/IP) and report 
on anomalous traffic (with a learning feature and feedback cycle to minimize error with 
use) will be developed with the appliance. 


A nonce based IPv6 key distribution will be developed. 


This will create a P2P secure IPSec system with a consideration based authentication web 
of trust. 


Extends and uses the prototype time stamping and p2p proof of work system 
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Personnel and Performer Qualifications and Experience 


Craig 8 Wright (Full CV too long and is available in request) 

Over the years Craig has personally conducted and managed in excess of 1,600 IT security related 
engagements for more than 180 Australian and international organizations in both the private and 
government sectors. As a strong believer in life-long learning, Craig has qualifications in Law, IT, 
Mathematics and Business. 


Dave Kleiman (http://en. wikipedia.org/wiki/Dave_Kleiman) 
Dave Kleiman is a noted Forensic Computer Investigator, an author/coauthor of multiple books and a noted 
speaker at security related events 


TASKS 


1) Attend an introductory meeting to discuss scope and general information. 

2) Compile the results of the initial research conducted by CSW in DeMorgan and Rifges Estate. 
3) Integrate logging systems and processes from DK 

4) Prepare a brief report summarising the findings. 

5) Prepare a presentation of the summarised findings (if requested). 

6) Attend a meeting to discuss/present the findings and next steps. 


The following tasks will be performed as part of this engagement. 
1) Schedule and host the introductory meeting. 

2) Receive general information about the system. 

3) Define a timeframe in which to detail the projecyt scope. 


4) Plan the Project signoff criteria 
5) Schedule and host the findings meeting. 
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DELIVERABLES AND WORK ACCEPTANCE 


1) Summarized report completed works. 
2) Presentation of the summarised report (if requested). 
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SCOPE OF WORK {27 OcT 2008} 


EXCLUSIONS AND ASSUMPTIONS 


Assumptions 


The following assumptions have been made in this proposal. The invalidation of the assumptions 


may result in scope changes and additional charges. 


Exclusions 


The following exclusions apply: 


To be added 


COSTS 


The following cost estimates for the work as defined within this scope have been made: 


Existing IP will be valued by the parties and sold into an Australian Company to be formed in 
2009. 


Once made to an acceptable level, funding options will be sought from Playboy Gaming and 
Centrebet who will be used as test facilities. 


CLIENT ACCEPTANCE 


CONFIDENTIAL 


We accept the above Scope of Work and approve the commencement of services to be provided 
within the Scope and for the estimated costs contained herein. Any changes to the Scope of Work 
or changes to Costs relating to those changes must be approved in writing prior to any 
commencement of work upon such changes and shall be attached and made part of this Scope of 
Work. 


Each party agrees to pay the other for property and consulting services to complete research. 
The contract is to be bonded against the intellectual property of the dev eloped under DISS by 


CSW. 


To me digitally 
signed 
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